**** Please enable 2FA on your OcUK forum account ****

[Rainmaker]

Actually, if anyone wants a free premium Bitwarden account including OTP/2FA (hosted by me and encrypted with your own key) give me a shout and I'll hook you up. OcUK members only, and at your own risk*.



* The server is backed up twice, onsite and offsite every 24h - and is protected by both Cloudflare and an OpenBSD firewall. Had zero issues in years, but... well, disclaimer disclaimer to be safe and all that.

 

[Feek]

Any chance of giving people the option to sign in with Google or Microsoft accounts so that the auth workflow is handled by those companies and all the systems they have in place?

That's not even under consideration at the moment, no.

 

[Cooper]

Feels I'm drowning under password resets and 2FA these days....It's all so so tiresome.

 

[MouthBoy]

Enabled. Thanks.

 

[MCFC_ANDY]

done and dusted

 

[dlockers]

Feels I'm drowning under password resets and 2FA these days....It's all so so tiresome.

u ok hun? txt me if u wanna chat x

 

[Blackjack Davy]

Sigh.

you can use a single 2FA app like google authenticator for most of your 2FA needs, your only going to have more and more accounts using this tbh

That runs on a regular PC, right?

I've said it before and I'll say it again - this place is great, but it's predominantly gamers and such, not actual techies (with some notable exceptions). Most people here don't have much in-depth knowledge about privacy, encryption, networking, servers or the like.



As I said, the correct answer. Enable 2FA/OTP on all the things, get yourself a YubiKey or similar for physical 2FA, and generate a solid curve ed25519 SSH key and a GPG key - and use them!

Sounds about right. By the way could you put that last part in english please?

 

[andy_mk3]

Done.

Recently I have been getting into the habit of using random generated passwords for each site and using Bitwarden to autofill.

 

[im4gine3]

done.

 

[Deleted member 77746]

It's been enabled since day 1 of the forum getting that feature. Everywhere I can enable it, it's enabled.

I use Authy because there is a windows app. If I ever loose my phone I have a second way to get onto my accounts. I don't want to be left in a situation that I'm locked out of all my accounts until I purchase a new smart phone.

I also use VaultWarden (Which is a fork of BitWarden) with 20 char random passwords, self hosted.

 

[Ahleckz]

Actually, if anyone wants a free premium Bitwarden account including OTP/2FA (hosted by me and encrypted with your own key) give me a shout and I'll hook you up. OcUK members only, and at your own risk*.



* The server is backed up twice, onsite and offsite every 24h - and is protected by both Cloudflare and an OpenBSD firewall. Had zero issues in years, but... well, disclaimer disclaimer to be safe and all that.

I don’t use a password manager, and my password usage probably isn’t going to win any security awards.

Should I take you up on your offer? I don’t know what most of it means. But you said premium, and free. Are you going to empty my bank account, both RBS and RuneScape?

Educate me please! (Genuinely, I’m very ignorant with this sort of stuff!)

 

[dlockers]

Actually, if anyone wants a free premium Bitwarden account including OTP/2FA (hosted by me and encrypted with your own key) give me a shout and I'll hook you up. OcUK members only, and at your own risk*.



* The server is backed up twice, onsite and offsite every 24h - and is protected by both Cloudflare and an OpenBSD firewall. Had zero issues in years, but... well, disclaimer disclaimer to be safe and all that.

This is a lovely offer but nobody do this, lol

 

[FloppyPoppy]

We've had a handful of instances over the last few days where forum members have had their accounts compromised.

Feeking hell i don't want to be compromised.

 

[Deleted member 77746]

This is a lovely offer but nobody do this, lol

I have to agree with this. While it's a nice offer you are not a business and hosting other peoples passwords if something happens you could end up in hot water. Please don't do this.

If people want to put their data in the hands of others this is something you need to be looking at. The personal plan is free.

Bitwarden Open Source Password Manager | Bitwarden

 

[Werewolf]

2FA via an app on your phone only takes ~30 seconds once a month which is worth it.

I would suggest anyone who sets up two factor authentication via and app makes a note of the "backup" codes that the forum will generate and you keep them safe, as that way if the app isn't working/you lose your phone you've got IIRC 10 codes to last you until you get it paired with a new authenticator.

 

[LiE]

Microsoft Authenticator can be installed on a tablet as well. I have it installed on my iPad and my back up iPhone 6s.

 

[Rainmaker]

This is a lovely offer but nobody do this, lol

Why? It's Bitwarden - everything is encrypted at rest, in transit and at all times. Only the account holder has the key. The (encrypted) database is backed up twice (on and off prem) daily, and stored further encrypted (AES256) in an rclone vault which is only accessible by my private key. I have a better setup than most orgs lol.

I have to agree with this. While it's a nice offer you are not a business and hosting other peoples passwords if something happens you could end up in hot water. Please don't do this.

If people want to put their data in the hands of others this is something you need to be looking at. The personal plan is free.

Bitwarden Open Source Password Manager | Bitwarden

I suggested Bitwarden in my post, but OTP isn't free, it's £10 a year. What hot water are you referring to? There's certainly no legislation applicable to private individuals. Best bet is to RTFM and set up your own, or pay Bitwarden the £10/year. Failing that the offer's open. It's a trivial matter to back up your own Bitwarden to a file once a month and store it safely in case I drop dead.

 

[dlockers]

Why? It's Bitwarden - everything is encrypted at rest, in transit and at all times. Only the account holder has the key. The (encrypted) database is backed up twice (on and off prem) daily, and stored further encrypted (AES256) in an rclone vault which is only accessible by my private key. I have a better setup than most orgs lol.



I suggested Bitwarden in my post, but OTP isn't free, it's £10 a year. What hot water are you referring to? There's certainly no legislation applicable to private individuals. Best bet is to RTFM and set up your own, or pay Bitwarden the £10/year. Failing that the offer's open. It's a trivial matter to back up your own Bitwarden to a file once a month and store it safely in case I drop dead.

Because when you get hit by a bus/win the lottery; it's all gone?

 

[Cyber-Mav]

Enable 4 factor authentication and they will send code to you in post by royal mail?

 

[Deleted member 77746]

Why? It's Bitwarden - everything is encrypted at rest, in transit and at all times. Only the account holder has the key. The (encrypted) database is backed up twice (on and off prem) daily, and stored further encrypted (AES256) in an rclone vault which is only accessible by my private key. I have a better setup than most orgs lol.

I suggested Bitwarden in my post, but OTP isn't free, it's £10 a year. What hot water are you referring to? There's certainly no legislation applicable to private individuals. Best bet is to RTFM and set up your own, or pay Bitwarden the £10/year. Failing that the offer's open. It's a trivial matter to back up your own Bitwarden to a file once a month and store it safely in case I drop dead.

You are one person. Not a business. You die who will take over the admin? As I said nice offer but if someone is going to do this at least put it in hands of a company with multiple people.